时间戳

首页 > 解决方案 > 数据库和弹簧安全问题

java - 数据库和弹簧安全问题

问题描述

我正在尝试创建一个连接到数据库的弹簧日志。其中很多已经通过 spring security 自动实现,但我有一个问题,我不知道重点是什么。我有两个相同的数据库,我试图解决这个问题,数据库相同,只是数据库的名称不同。

第一个数据库是这样的:

  DROP DATABASE  IF EXISTS `spring_security_demo_plaintext`;

CREATE DATABASE  IF NOT EXISTS `spring_security_demo_plaintext`;
USE `spring_security_demo_plaintext`;

--
-- Table structure for table `users`
--

DROP TABLE IF EXISTS `users`;
CREATE TABLE `users` (
  `username` varchar(50) NOT NULL,
  `password` varchar(50) NOT NULL,
  `enabled` tinyint(1) NOT NULL,
  PRIMARY KEY (`username`)
) ENGINE=InnoDB DEFAULT CHARSET=latin1;

--
-- Inserting data for table `users`
--

INSERT INTO `users` 
VALUES 
('john','{noop}test123',1),
('mary','{noop}test123',1),
('susan','{noop}test123',1);


--
-- Table structure for table `authorities`
--

DROP TABLE IF EXISTS `authorities`;
CREATE TABLE `authorities` (
  `username` varchar(50) NOT NULL,
  `authority` varchar(50) NOT NULL,
  UNIQUE KEY `authorities_idx_1` (`username`,`authority`),
  CONSTRAINT `authorities_ibfk_1` FOREIGN KEY (`username`) REFERENCES `users` (`username`)
) ENGINE=InnoDB DEFAULT CHARSET=latin1;

--
-- Inserting data for table `authorities`
--

INSERT INTO `authorities` 
VALUES 
('john','ROLE_EMPLOYEE'),
('mary','ROLE_EMPLOYEE'),
('mary','ROLE_MANAGER'),
('susan','ROLE_EMPLOYEE'),
('susan','ROLE_ADMIN');

另一个完全相同,只是数据库名称是dbstudents1.

现在,在我的属性文件中,我为数据库设置 url,如下所示:

jdbc.url=jdbc:mysql://localhost:3306/spring_security_demo_plaintext?useSSL=false

我的由 Spring 安全自动创建的登录页面工作正常,我可以登录,如果我输入错误的登录数据错误消息出现,但是当我输入另一个完全相同的数据库时,只是另一个名称,以及那个名称数据库是 dbstudents1,所以我重命名我的jdbc.url,然后看起来像这样:

jdbc.url=jdbc:mysql://localhost:3306/dbstudents1?useSSL=false

在我运行程序并输入登录数据后,消息总是Invalid username and password.即使是相同的数据库,只是名称不同。

我是否需要更改其他内容才能让程序从另一个数据库中获取数据?

另外,这是我的DemoSecurityConfig

    @Configuration
@EnableWebSecurity
public class DemoSecurityConfig extends WebSecurityConfigurerAdapter {

    // add a reference to our security data source
    
    @Autowired
    private DataSource securityDataSource;
    
    
    @Override
    protected void configure(AuthenticationManagerBuilder auth) throws Exception {

        // use jdbc authentication ... oh yeah!!!
        
        auth.jdbcAuthentication().dataSource(securityDataSource);
        
    }

    @Override
    protected void configure(HttpSecurity http) throws Exception {

        http.authorizeRequests()
            .antMatchers("/").hasRole("EMPLOYEE")
            .antMatchers("/leaders/**").hasRole("MANAGER")
            .antMatchers("/systems/**").hasRole("ADMIN")
            .and()
            .formLogin()
                .loginPage("/showMyLoginPage")
                .loginProcessingUrl("/authenticateTheUser")
                .permitAll()
            .and()
            .logout().permitAll()
            .and()
            .exceptionHandling().accessDeniedPage("/access-denied");
        
    }
        
}

DemoAppConfig

    @Configuration
@EnableWebMvc
@ComponentScan(basePackages="spring.app")
@PropertySource("classpath:persistence-mysql.properties")
public class DemoAppConfig {

    // set up variable to hold the properties
    
    @Autowired
    private Environment env;
    
    // set up a logger for diagnostics
    
    private Logger logger = Logger.getLogger(getClass().getName());
    
    
    // define a bean for ViewResolver

    @Bean
    public ViewResolver viewResolver() {
        
        InternalResourceViewResolver viewResolver = new InternalResourceViewResolver();
        
        viewResolver.setPrefix("/WEB-INF/view/");
        viewResolver.setSuffix(".jsp");
        
        return viewResolver;
    }
    
    // define a bean for our security datasource
    
    @Bean
    public DataSource securityDataSource() {
        
        // create connection pool
        ComboPooledDataSource securityDataSource
                                    = new ComboPooledDataSource();
                
        // set the jdbc driver class
        
        try {
            securityDataSource.setDriverClass(env.getProperty("jdbc.driver"));
        } catch (PropertyVetoException exc) {
            throw new RuntimeException(exc);
        }
        
        // log the connection props
        // for sanity's sake, log this info
        // just to make sure we are REALLY reading data from properties file
        
        logger.info(">>> jdbc.url=" + env.getProperty("jdbc.url"));
        logger.info(">>> jdbc.user=" + env.getProperty("jdbc.user"));
        
        
        // set database connection props
        
        securityDataSource.setJdbcUrl(env.getProperty("jdbc.url"));
        securityDataSource.setUser(env.getProperty("jdbc.user"));
        securityDataSource.setPassword(env.getProperty("jdbc.password"));
        
        // set connection pool props
        
        securityDataSource.setInitialPoolSize(
                getIntProperty("connection.pool.initialPoolSize"));

        securityDataSource.setMinPoolSize(
                getIntProperty("connection.pool.minPoolSize"));

        securityDataSource.setMaxPoolSize(
                getIntProperty("connection.pool.maxPoolSize"));

        securityDataSource.setMaxIdleTime(
                getIntProperty("connection.pool.maxIdleTime"));
        
        return securityDataSource;
    }
    
    // need a helper method 
    // read environment property and convert to int
    
    private int getIntProperty(String propName) {
        
        String propVal = env.getProperty(propName);
        
        // now convert to int
        int intPropVal = Integer.parseInt(propVal);
        
        return intPropVal;
    }
}

标签: javamysqlspring

解决方案

推荐阅读